Week in review 12 January 2020 – Office 365 Phishing, Firms Hit Once Per Minute, Dixons Carphone fined, Travelex hackers threaten to sell data, Firefox zero-day exploit, Citrix scanned for vulns


Week in review 12 January 2020 – Office 365 Phishing Attacks, Firms Hit Once Per Minute in 2019, Dixons Carphone Fined for Breach, Travelex hackers threaten to sell credit card data, Mozilla patches actively exploited Firefox zero-day, Hackers probe Citrix servers for remote code execution vulnerability

Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.


Office 365 users: Beware of phishing emails pointing to Office Sway

One of phishers’ preferred methods for fooling both targets and email filters is to use legitimate services to host phishing pages. The latest example of this involves Office 365 users being directed to phishing and malicious pages hosted on Office Sway, a web application for content creation that’s part of Microsoft Office.

The email that tries to trick recipients into visiting the phishing page isn’t stopped by Microsoft’s filters, likely because either it was sent from an onmicrosoft.com email address or it includes links in the email that point to sway.office.com and other trusted sites (e.g., LinkedIn). The email pretends to be a fax receipt notice, shows a small image of the supposedly received fax, and asks the user to open the attachment to view it.

Read more here: https://www.helpnetsecurity.com/2020/01/10/phishing-office-sway/


Cyber-Attacks Hit UK Firms Once Per Minute in 2019

UK businesses were deluged with cyber-attacks in 2019, with the average firm hit by over half a million attempts to compromise systems, according to a new report.

A UK-based business Internet Service Provider (ISP) extrapolated the findings from data on its own corporate customers across the country.

It calculated the average number of attacks aimed at a single business last year was 576,575, around 152% higher than the 281,094 recorded in 2018 and the highest since the ISP began analyzing this kind of data in 2016.

That means UK businesses were forced to repel 66 attacks per hour on average in 2019.

The firm identified 1.8 million unique IP addresses responsible for the attacks last year, just under a fifth (18%) of which were located in China. However, this is more an indication of the sheer number of potentially hijacked machines based in the country than of the origin of the attackers.

There was a fairly big drop to second-placed Brazil (7%), which was followed by Taiwan (6%) and Russia (5%) in terms of originating IP addresses for attacks.

Attackers most commonly targeted network device admin tools and IoT endpoints like connected security cameras and building control systems, according to Beaming. These suffered 92,448 attacks in total last year, while 35,807 were targeted at file sharing applications.

Read the full article here: https://www.infosecurity-magazine.com/news/cyberattacks-uk-firms-once-per/


Dixons Carphone Receives Maximum Fine for Major Breach

A major UK high street retailer has been fined the maximum amount under the pre-GDPR data protection regime for deficiencies which led to a breach affecting 14 million customers.

Privacy regulator the Information Commissioner’s Office (ICO) fined DSG Retail £500,000 under the 1998 Data Protection Act after Point of Sale (POS) malware was installed on 5390 tills.

The incident affected Currys PC World and Dixons Travel stores between July 2017 and April 2018, allowing hackers to harvest data including customer names, postcodes, email addresses and failed credit checks from internal servers, over a nine-month period.

The “poor security arrangements” highlighted by the ICO included ineffective software patching, the absence of a local firewall, and lack of network segregation and routine security testing.

More information here: https://www.infosecurity-magazine.com/news/dixons-carphone-receives-maxi-fine/


Travelex hackers threaten to sell credit card data on dark web

Cyber gangsters have stepped up the pressure on Travelex to pay a $6m ransom to decrypt the company’s data by issuing a new threat to sell personal data about its customers on the dark web.

The threat comes after a cyber crime group used sophisticated malware, known as Sodinokibi or REvil, to encrypt the currency exchange’s computer files, forcing the company to switch off its worldwide computer network.

Travelex, which has hired computer experts to investigate the incident, said on 9 January that it was making progress in bringing its systems back online and that there was “still no evidence to date that any data has been exfiltrated”.

The attack has disrupted Travelex operations for 10 days, leaving the firm’s customers unable to collect foreign currency orders, use the Travelex app, or pay for currency using credit cards. This has led to widespread complaints from customers.

Over a dozen banks, including the Royal Bank of Scotland, NatWest, First Direct, Barclays and Lloyds, which rely on Travelex to provide services, have also told customers they are unable to take orders for foreign currency.

The crime group has stepped up pressure on Travelex, which has operations in 70 countries, by threatening to sell personal data collected from the company, including credit card details, on a Russian cyber crime forum.

Read the full article here: https://www.computerweekly.com/news/252476526/Travelex-hackers-threaten-to-sell-credit-card-data-on-dark-web


PayPal Confirms ‘High-Severity’ Password Security Vulnerability

PayPal has confirmed that a researcher found a high-severity security vulnerability that could expose user passwords to an attacker. The problem, which was disclosed on January 8, was patched by PayPal on December 11, 2019.

Read more here: https://www.forbes.com/sites/daveywinder/2020/01/10/paypal-confirms-high-severity-password-security-vulnerability/#42f496561b50


Mozilla patches actively exploited Firefox zero-day

Mozilla has patched a Firefox zero-day vulnerability (CVE-2019-17026) that is being exploited in attacks in the wild and is urging Firefox and Firefox ESR users to update their installations as soon as possible.

Read more here: https://www.helpnetsecurity.com/2020/01/09/cve-2019-17026/


Hackers probe Citrix servers for weakness to remote code execution vulnerability

Cyberattackers are performing scans to find Citrix servers vulnerable to a critical security flaw.

Disclosed in December, the severe vulnerability, tracked as CVE-2019-19781, impacts the Citrix Application Delivery Controller (ADC) -- also known as NetScaler ADC -- alongside Citrix Gateway, formerly known as NetScaler Gateway. The critical vulnerability permits directory traversal and, if exploited, allows threat actors to conduct Remote Code Execution (RCE) attacks.

Researchers have estimated that at least 80,000 organizations in 158 countries are users of ADC and could, therefore, be at risk. Companies in the firing line are predominantly based in the US -- roughly 38 percent -- as well as the UK, Germany, the Netherlands, and Australia.

Read more here: https://www.zdnet.com/article/hackers-probe-unsecured-citrix-servers-for-netscaler-vulnerability/


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog, also on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.
